Duty Analyst: Ismael Melgar
← Back to CVE list

CVE-2026-21633

Published: 2026-01-05 17:15:47 | Last modified: 2026-01-30 01:23:39

HIGH CVSS 8.8
No EPSS data

Description

A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application (Version 6.1.79 and earlier).



Affected Products:

UniFi Protect Application (Version 6.1.79 and earlier).



Mitigation:

Update your UniFi Protect Application to Version 6.2.72 or later.

CVSS details

Severity
high
Score
8.8
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

This CVE is not currently listed in the EPSS dataset.

Show JSON 
{
    "cve": {
        "id": "CVE-2026-21633",
        "cveTags": [],
        "metrics": {
            "cvssMetricV31": [
                {
                    "type": "Secondary",
                    "source": "support@hackerone.com",
                    "cvssData": {
                        "scope": "UNCHANGED",
                        "version": "3.1",
                        "baseScore": 8.8,
                        "attackVector": "ADJACENT_NETWORK",
                        "baseSeverity": "HIGH",
                        "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                        "integrityImpact": "HIGH",
                        "userInteraction": "NONE",
                        "attackComplexity": "LOW",
                        "availabilityImpact": "HIGH",
                        "privilegesRequired": "NONE",
                        "confidentialityImpact": "HIGH"
                    },
                    "impactScore": 5.9,
                    "exploitabilityScore": 2.8
                }
            ]
        },
        "published": "2026-01-05T17:15:47.133",
        "references": [
            {
                "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-058-058/6922ff20-8cd7-4724-8d8c-676458a2d0f9",
                "tags": [
                    "Vendor Advisory"
                ],
                "source": "support@hackerone.com"
            }
        ],
        "vulnStatus": "Analyzed",
        "weaknesses": [
            {
                "type": "Secondary",
                "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "description": [
                    {
                        "lang": "en",
                        "value": "CWE-287"
                    }
                ]
            }
        ],
        "descriptions": [
            {
                "lang": "en",
                "value": "A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application (Version 6.1.79 and earlier).\r\n\r\n \r\n\r\nAffected Products:\r\n\r\nUniFi Protect Application (Version 6.1.79 and earlier).\r\n\r\n \r\n\r\nMitigation:\r\n\r\nUpdate your UniFi Protect Application to Version 6.2.72 or later."
            }
        ],
        "lastModified": "2026-01-30T01:23:38.587",
        "configurations": [
            {
                "nodes": [
                    {
                        "negate": false,
                        "cpeMatch": [
                            {
                                "criteria": "cpe:2.3:a:ui:unifi_protect:*:*:*:*:*:*:*:*",
                                "vulnerable": true,
                                "matchCriteriaId": "F58979E4-F426-4E50-BF77-7A94200D0357",
                                "versionEndExcluding": "6.2.72"
                            }
                        ],
                        "operator": "OR"
                    }
                ]
            }
        ],
        "sourceIdentifier": "support@hackerone.com"
    }
}